Lucene search
K

147 matches found

CNNVD
CNNVD
added 2024/01/29 12:0 a.m.4 views

Thruk Path Traversal Vulnerability

Thruk is an open source multi-backend monitoring web interface from the individual developer Sven Nierlein in Germany. A path traversal vulnerability exists in versions prior to Thruk 3.12, which stems from a vulnerability that allows an attacker to arbitrarily upload files to any path on the...

9.8CVSS6.9AI score0.01436EPSS
Exploits1References3
BDU FSTEC
BDU FSTEC
added 2023/07/25 12:0 a.m.6 views

The vulnerability of the validate_path_is_safe() function in the machine learning lifecycle management platform allows a attacker to disclose sensitive information or execute arbitrary files.

The vulnerability of the validatepathissafe function in the machine learning model lifecycle management platform exists due to an incorrect restriction on the path name to the restricted-access directory. Exploiting this vulnerability could allow a malicious actor to disclose sensitive informatio...

10CVSS7.7AI score0.70736EPSS
Exploits1References7Affected Software1
VulnCheck KEV
VulnCheck KEV
added 2023/07/24 12:0 a.m.5 views

VulnCheck KEV: CVE-2023-35078

Ivanti Endpoint Manager Mobile EPMM, previously branded MobileIron Core contains an authentication bypass vulnerability that allows unauthenticated access to specific API paths. An attacker with access to these API paths can access personally identifiable information PII such as names,...

10CVSS7.4AI score0.99999EPSS
Exploits14References1
Snyk
Snyk
added 2023/06/20 12:27 p.m.4 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal due to improper input sanitization passed via the validPath function of server.js. PoC 1 Make sure you have a public/ directory with files in it. 2 Make sure you have a public-isprivate directory with files in it. 3...

7.5CVSS8AI score0.01088EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/06/01 12:0 a.m.6 views

Vite 安全漏洞

Vite is a new front-end building tool from Vite open source. A security vulnerability exists in Vite versions 2.9.16, 3.2.7, 4.0.5, 4.1.5, 4.2.3, and 4.3.9. An attacker exploits the vulnerability to read files from the application's Vite root path...

7.5CVSS7.3AI score0.03152EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2023/05/16 5:46 p.m.7 views

CVE-2023-2196 Missing permission checks in Code Dx Plugin

A missing permission check in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers with Item/Read permission to check for the existence of an attacker-specified file path on an agent file system...

4.3CVSS4.6AI score0.00953EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2023/03/14 12:0 a.m.46 views

Atlassian Jira 7.13.0 < 7.13.4 Multiple Vulnerabilities

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is version 7.13.0 prior to 7.13.4, 8.0.0 prior to 8.0.4 or 8.1.0 prior to 8.1.1. It is, therefore, affected by multiple vulnerabilities: - A vulnerability which permits remote attackers w...

8.1CVSS6.5AI score0.59832EPSS
Exploits2References6
Hacker One
Hacker One
added 2023/03/05 2:8 a.m.143 views

curl: CVE-2023-27534: SFTP path ~ resolving discrepancy

A vulnerability CVE-2023-27534 existed in libcurl's Curlgetworkingpath function, which resolved as remote users' home directory in an undocumented way for the sftp protocol. This could lead to unexpected final paths for sftp access, allowing an attacker with partial path access to gain access to...

8.8CVSS6.6AI score0.02195EPSS
Exploits1
BDU FSTEC
BDU FSTEC
added 2023/02/21 12:0 a.m.6 views

The vulnerability of the monitoring, control, automation, and management tool for IBM Cloud Pak for Multicloud Management Monitoring lies in the incorrect restriction on the path to the restricted catalog. This allows attackers to escalate their privileges.

The vulnerability of the monitoring, control, automation, and management tool for IBM Cloud Pak for Multicloud Management Monitoring is related to an incorrect restriction on the path to the restricted catalog. Exploiting this vulnerability could allow a malicious actor to increase their privileg...

7.6CVSS7.5AI score0.00532EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 4:13 a.m.2 views

SUSE CVE-2019-10161

It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use...

7.8CVSS9AI score0.00516EPSS
Exploits0References15
SUSE CVE
SUSE CVE
added 2023/02/15 4:13 a.m.2 views

SUSE CVE-2019-10218

A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname to the client with separators. This could allow the client to access files and folders outside of the SMB network pathnames. An attacker could use this...

5.3CVSS8.9AI score0.03515EPSS
Exploits0References13
SUSE CVE
SUSE CVE
added 2023/02/15 3:51 a.m.2 views

SUSE CVE-2020-29050

SphinxSearch in Sphinx Technologies Sphinx through 3.1.1 allows directory traversal in conjunction with CVE-2019-14511 because the mysql client can be used for CALL SNIPPETS and loadfile operations on a full pathname e.g., a file in the /etc directory. NOTE: this is unrelated to CMUSphinx...

7.5CVSS7.6AI score0.02166EPSS
Exploits2References5
SUSE CVE
SUSE CVE
added 2023/02/15 3:36 a.m.2 views

SUSE CVE-2021-44420

In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths...

5.3CVSS7.6AI score0.02295EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2023/01/24 12:0 a.m.6 views

CVE-2023-24449

Jenkins PWauth Security Realm Plugin 0.4 and earlier does not restrict the names of files in methods implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system...

6.9AI score0.01201EPSS
Exploits0References1
Drupal
Drupal
added 2022/09/28 12:0 a.m.8 views

S3 File System - Moderately critical - Access bypass - SA-CONTRIB-2022-057

This module enables you to utilize S3-compatible storage as a Drupal filesystem. The module doesn't sufficiently prevent file access across multiple filesystem schemes stored in the same bucket. This vulnerability is mitigated by the fact that an attacker must obtain a method to access arbitrary...

5.6AI score
Exploits0References6
BDU FSTEC
BDU FSTEC
added 2022/08/30 12:0 a.m.5 views

The vulnerability of the /ptippage.cgi component of the ISnex HC-IP9100HD and ISnex HC-IP9050HD network camera microprogramming system allows a intruder to gain full access to the device.

The vulnerability of the /ptippage.cgi component of the ISnex HC-IP9100HD and ISnex HC-IP9050HD network camera microprogramming system is related to an incorrect limitation on the path name to the restricted access directory. Exploiting this vulnerability could allow a malicious actor to gain ful...

9CVSS7.2AI score0.01043EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/07/27 12:0 a.m.3 views

PT-2022-10717 · Aveva · Aveva Software Platform Common Services (Pcs) Portal

Name of the Vulnerable Software and Affected Versions: AVEVA Software Platform Common Services PCS Portal versions 4.4.6, 4.5.0, 4.5.1, 4.5.2 Description: The issue is related to DLL hijacking through an uncontrolled search path element. This may allow an attacker to control one or more locations...

7.8CVSS7.3AI score0.00213EPSS
Exploits0References4
Prion
Prion
added 2022/07/17 9:15 p.m.14 views

Default credentials

Disclosure of information - the system allows you to view usernames and passwords without permissions, thus it will be possible to enter the system. Path access: http://api/sysusernamepasswd.cmd - The server loads the request clearly by default. Disclosure of hard-coded credit information within...

4.1CVSS7.1AI score0.00173EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/07/17 8:11 p.m.16 views

CVE-2022-30622 Chcnav - P5E GNSS Information disclosure

Disclosure of information - the system allows you to view usernames and passwords without permissions, thus it will be possible to enter the system. Path access: http://api/sysusernamepasswd.cmd - The server loads the request clearly by default. Disclosure of hard-coded credit information within...

5.3CVSS7.4AI score0.00173EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2021/09/17 10:26 a.m.13 views

CVE-2021-39327 BulletProof Security <= 5.1 Sensitive Information Disclosure

The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible /dbbackuplog.txt file which grants attackers the full path of the site, in addition to the path of database backup files. This affects versions up t...

5.3CVSS5AI score0.7233EPSS
Exploits7References5
Rows per page
Query Builder